flow-nexus-platform

Fail

Audited by Snyk on Mar 1, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt contains numerous examples that embed API keys, tokens, passwords, and database URLs directly into function calls and env_vars (e.g., "your_api_key", "sk-ant-...", database URLs with user:pass), which instructs the agent to include secret values verbatim in generated code/requests and thus poses a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly shows fetching and executing arbitrary third-party code (e.g., git clone https://github.com/... in the "Advanced Sandbox Configuration" and deploying/listing user-published templates in "App Store & Deployment"), which means the agent will ingest untrusted, user-generated content that can influence deployments and tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The Advanced Sandbox Configuration startup_script includes a runtime git clone of "https:/$github.com$user$repo" (i.e. https://github.com/user/repo) followed by cd and npm install/run commands, which fetches remote repository code at runtime and causes execution of that remote code inside the sandbox.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill includes explicit payment and credit-management APIs: mcp__flow-nexus__create_payment_link(...) which returns a secure Stripe payment URL (explicit payment gateway integration), mcp__flow-nexus__configure_auto_refill(...) to automatically purchase credits, and mcp__flow-nexus__app_store_earn_ruv(...) which programmatically adjusts user credits. These are specific, purpose-built financial operations (creating payment links, auto-purchasing credits, and credit transfers), not generic tooling, and thus constitute direct financial execution capability.
Audit Metadata

Risk Level: HIGH

Analyzed: Mar 1, 2026, 04:34 PM